COMHAIRLE NÁISIÚNTA NA NATIONAL COUNCIL FOR VOCATIONAL AWARDS. Consultative Draft Module Descriptor. Network Security.

Transcription

1 COMHAIRLE NÁISIÚNTA NA gcáilíochtaí GAIRMOIDEACHAIS NATIONAL COUNCIL FOR VOCATIONAL AWARDS Consultative Draft Module Descriptor Network Security Level 6 C30260 January 2006

2 1. Module Title Network Security 2. Module Code C Level 6 4. Credit Value 1 5. Purpose This module is a statement of the standards to be achieved to gain a FETAC credit in Systems Software. It is designed to provide a solid foundation for the student in the fundamentals of Network Security. 6. Preferred Entry Level 7. Special Requirements 8. General Aims This module aims to enable the learner to: 8.1 Understand how viruses work in order to protect a computer system against virus attack. 8.2 Understand hacking techniques in order to protect a computer system from unauthorised outside access 8.3 Understand the CIA triad elements of confidentiality, integrity and availability to protect a computer system from unauthorised internal access. 8.4 Understand communications security and be able to implement countermeasures to keep an organisations communications secure. 8.5 Develop and deploy a computer security plan within an organisation. 8.6 Understand auditing and accountability, develop and implement an auditing system for an organisations computer system.

3 9. Units The specific learning outcomes are grouped into 6 units. Unit 1 Unit 2 Unit 3 Unit 4 Unit 5 Unit 6 Antivirus management External security Internal security Communications Security Security Planning Security Auditing 10 Specific Learning Outcomes Unit 1 Antivirus Management Learners should be able to: Understand the propagation techniques used by viruses Know how antivirus software packages detect known viruses Explain the techniques viruses use to escape detection Outline the basic principles behind logic bombs, Trojan horses, and worms Understand and implement antivirus management. Unit 2 External Security Learners should be able to: Be familiar with common password attacks and understand how to develop strong passwords Be familiar with the various types of application attacks hackers use to exploit poorly written software Know the network reconnaissance techniques used by hackers preparing to attack a network Understand decoy techniques used by system administrators seeking to lure hackers into a trap Outline the use of monitoring in relation to access controls Explain the need for intrusion detection systems (IDSs), explain the limits of using host-based IDSs, list the pros and cons of network-based IDSs.

4 Explain the differences between knowledge-based and behaviour based IDS detection methods Explain the purpose of vulnerability scanners and penetration testing Outline how brute force and dictionary attacks work Know what denial of service (DoS) attacks are Explain how the SYN flood DoS attack, Smurf DoS attack, ping of death DoS, WinNuke DoS attack, stream DoS attack, teardrop DoS attacks and land DoS attacks work Understand spoofing attacks, man-in-the-middle attacks, hijack attacks replay or playback attacks, sniffer attacks and spamming attacks Understand, list and implement the countermeasures to all types of DoS attacks and to spoofing, man-in-the-middle, sniffer, and spamming attacks Understand and implement the different types of firewalls. Unit 3 Internal Security Learners should be able to: Know how to prevent unrestricted installation of software Understand backup maintenance Know how changes in workstation or location promote a secure environment Understand privileged operations functions Know the standards of due care and due diligence Understand how to maintain privacy Understand what constitutes an illegal activity Know the proper procedure for record retention Understand the elements of securing sensitive media Know and understand the security control types Know the importance of control transparency.

5 Understand how to protect resources Be able to explain change and configuration control management Understand the trusted recovery process. Unit 4 Communications Security Learners should be able to: Know the protocol services used to connect to LAN and WAN communication technologies Know what tunneling is Understand VPNs Be able to explain NAT Understand common characteristics of security controls Understand how security works Know how fax security works Understand voice communications security Explain the concept of security boundaries Understand the various attacks and implement countermeasures associated with communications security

6 Unit 5 Security Planning Learners should be able to: Appreciate the security implications of hiring new employees Explain separation of duties Outline the principle of least privilege Know why job rotation and mandatory holidays are necessary Outline proper termination policies Define key security roles and know the elements of a formalised security policy structure Define overall risk management and carry out a risk analysis Evaluate threats and understand quantitative risk analysis Explain the concept of an exposure factor (EF) Know what single loss expectancy (SLE) is and how to calculate it Understand annualised rate of occurrence (ARO) Know what annualised loss expectancy (ALE) is and how to calculate it Know the formula for safeguard evaluation Understand qualitative risk analysis Understand the Delphi technique Know the options for handling risk Be able to explain total risk, residual risk, and controls gap Know how to implement security awareness training Understand security management planning Understand that personnel management is a form of administrative control or administrative management Know what inappropriate activities are Know that errors and omissions can cause security problems.

7 Understand fraud and theft Know what collusion is Understand employee sabotage Know how loss of physical and infrastructure support can cause security problems Understand espionage. Unit 6 Security Auditing Learners should be able to: Understand auditing Know the types or forms of auditing Understand compliance checking Understand the need for frequent security audits Understand that auditing is an aspect of due care Understand audit trails Understand how accountability is maintained Know the basic elements of an audit report Understand the need to control access to audit reports Understand sampling Understand record retention Understand monitoring and the uses of monitoring tools Understand failure recognition and response Understand what penetration testing is and be able to explain the methods used Know what diving and scavenging are.

8 11 Portfolio of Please refer to the glossary of assessment techniques and the note on assessment Assessment principles at the end of this module descriptor. All assessment is carried out in accordance with FETAC regulations. Assessment is devised by the internal assessor, with external moderation by FETAC. Summary Skills Demonstration 40% Examination 60% 11.2 Skills The internal assessor will devise a brief that requires candidates to Demonstration produce evidence that demonstrates an understanding and application of a range of specific learning outcomes. In one or more skills demonstrations, candidates will be assessed in a broad range of practical skills and adherence to safe working practices throughout. Candidates will demonstrate an ability to make a system secure from both internal and external misuse Examination The internal assessor will devise three multiple choice examinations based on the six units of study. Each multiple choice examination will be based on two units and will consist of 20 questions. Each exam will be of no more than one hour in duration and will have an allocation of 20% of the total marks for the module. These multiple choice examinations will assesses candidate s ability to recall and apply theory in a range of areas. These questions may be answered either orally or in writing. 12. Grading Pass 50-64% Merit 65-79% Distinction %

9 Individual Candidate Marking Sheet 1 Network Security C30260 Examination (50%) Candidate Name: NCVA Candidate No.: Centre: Roll No.: Assessment Criteria Maximum Mark Candidate Mark Units 1 and 2 Subtotal 20 Units 3 and 4 Subtotal 20 Units 5 and 6 Subtotal 20 TOTAL MARKS This mark should be transferred to the Module Results Summary Sheet 60 Internal Assessor s Signature: Date: External Examiner s Signature: Date:

10 Individual Candidate Marking Sheet 2 Network Security C30260 Case Study 40% Candidate Name: NCVA Candidate No.: Centre: Roll No.: Assessment Criteria Maximum Mark Candidate Mark Appropriate Risk Analysis 10 Appropriate Internal Security Procedures Appropriate External Security Procedures Appropriate documentation TOTAL MARKS This mark should be transferred to the Module Results Summary sheet 40 Internal Assessor s Signature: Date: External Examiner s Signature: Date:

11 NCVA Module Results Summary Sheet Module Title: Network Security Module Code: C30260 Candidate Surname Mark Sheet Mark Sheet Assessment Marking Sheets 1 2 Maximum Marks per Marking Sheet Candidate Forename Total 100% Grade* Signed: Internal Assessor: Date: This sheet is for internal assessors to record the overall marks of individual candidates. It should be retained in the centre. The marks awarded should be transferred to the official NCVA Module Results Sheet issued to centres before the visit of the external examiner.

12 Glossary of Assessment Techniques Assignment An exercise carried out in response to a brief with specific guidelines and usually of short duration. Each assignment is based on a brief provided by the internal assessor. The brief includes specific guidelines for candidates. The assignment is carried out over a period of time specified by the internal assessor. Assignments may be specified as an oral presentation, case study, observations, or have a detailed title such as audition piece, health fitness plan or vocational area profile. Collection of Work A collection and/or selection of pieces of work produced by candidates over a period of time that demonstrates the mastery of skills. Using guidelines provided by the internal assessor, candidates compile a collection of their own work. The collection of work demonstrates evidence of a range of specific learning outcomes or skills. The evidence may be produced in a range of conditions, such as in the learning environment, in a role play exercise, or in real-life/work situations. This body of work may be self-generated rather than carried out in response to a specific assignment eg art work, engineering work etc Examination A means of assessing a candidate s ability to recall and apply skills, knowledge and understanding within a set period of time (time constrained) and under clearly specified conditions. Examinations may be: practical, assessing the mastery of specified practical skills demonstrated in a set period of time under restricted conditions oral, testing ability to speak effectively in the vernacular or other languages interview-style, assessing learning through verbal questioning, on one-to-one/group basis aural, testing listening and interpretation skills theory-based, assessing the candidate s ability to recall and apply theory, requiring responses to a range of question types, such as objective, short answer, structured, essay. These questions may be answered in different media such as in writing, orally etc.

13 Learner Record Project A self-reported record by an individual, in which he/she describes specific learning experiences, activities, responses, skills acquired. Candidates compile a personal logbook/journal/diary/daily diary/ record/laboratory notebook/sketch book. The logbook/journal/diary/daily diary/record/laboratory notebook/sketch book should cover specified aspects of the learner s experience. A substantial individual or group response to a brief with guidelines, usually carried out over a period of time. Projects may involve: research requiring individual/group investigation of a topic process eg design, performance, production of an artefact/event Projects will be based on a brief provided by the internal assessor or negotiated by the candidate with the internal assessor. The brief will include broad guidelines for the candidate. The work will be carried out over a specified period of time. Projects may be undertaken as a group or collaborative project, however the individual contribution of each candidate must be clearly identified. The project will enable the candidate to demonstrate: (some of these about 2-4) understanding and application of concepts in (specify area) use/selection of relevant research/survey techniques, sources of information, referencing, bibliography ability to analyse, evaluate, draw conclusions, make recommendations understanding of process/planning implementation and review skills/ planning and time management skills ability to implement/produce/make/construct/perform mastery of tools and techniques design/creativity/problem-solving/evaluation skills presentation/display skills team working/co-operation/participation skills. Skills Demonstration Assessment of mastery of specified practical, organisational and/or interpersonal skills. These skills are assessed at any time throughout the learning process by the internal assessor/another qualified person in the centre for whom the candidate undertakes relevant tasks. The skills may be demonstrated in a range of conditions, such as in the learning environment, in a role-play exercise, or in a reallife/work situations.

14 The candidate may submit a written report/supporting documentation as part of the assessment. Examples of skills: laboratory skills, computer skills, coaching skills, interpersonal skills. NCVA Assessment Principles 1 Assessment is regarded as an integral part of the learning process. 2 All NCVA assessment is criterion referenced. Each assessment technique has assessment criteria which detail the range of marks to be awarded for specific standards of knowledge, skills and competence demonstrated by candidates. 3 The mode of assessment is generally local i.e. the assessment techniques are devised and implemented by internal assessors in centres. 4 Assessment techniques in NCVA modules are valid in that they test a range of appropriate learning outcomes. 5 The reliability of assessment techniques is facilitated by providing support for assessors. 6 Arising from an extensive consultation process, each NCVA module describes what is considered to be an optimum approach to assessment. When the necessary procedures are in place, it will be possible for assessors to use other forms of assessment, provided they are demonstrated to be valid and reliable. 7 To enable all learners to demonstrate that they have reached the required standard, candidate evidence may be submitted in written, oral, visual, multimedia or other format as appropriate to the learning outcomes. 8 Assessment of a number of modules may be integrated, provided the separate criteria for each module are met. 9 Group or team work may form part of the assessment of a module, provided each candidate s achievement is separately assessed.